Russian spies reportedly used SolarWinds hack to steal US counterintelligence details
October 2021
Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation.
The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.
The attack is said to have led to the Russian foreign intelligence service making off with "information about counterintelligence investigations, policy on sanctioning Russian individuals and the country's response to COVID-19," according to people involved in the US government's investigation who spoke to Reuters.
The attackers compromised SolarWinds' build servers, inserting a backdoor into the next version of the software that was distributed through trusted channels as part of a scheduled, routine update.
Russia attempted to deny involvement in the compromise of SolarWinds' Orion network management 'n' monitoring product, though there was little room for doubt in the emphatic statements issued by the UK and US in April - along with their expulsion of known Russian spies from their territories as a mark of disapproval.
A not-very-subtle campaign to blunt the SVR's ongoing exploitation attempts post-SolarWinds was mounted by Britain's National Cyber Security Centre, which spent a gleeful couple of summer months telling world+dog exactly what the SVR did next after having the SolarWinds breach attributed to it.